iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Zach Brown fb6ccff667 fuse: verify all ioctl retry iov elements 
Commit 7572777eef78ebdee1ecb7c258c0ef94d35bad16 attempted to verify that
the total iovec from the client doesn't overflow iov_length() but it
only checked the first element.  The iovec could still overflow by
starting with a small element.  The obvious fix is to check all the
elements.

The overflow case doesn't look dangerous to the kernel as the copy is
limited by the length after the overflow.  This fix restores the
intention of returning an error instead of successfully copying less
than the iovec represented.

I found this by code inspection.  I built it but don't have a test case.
I'm cc:ing stable because the initial commit did as well.

Signed-off-by: Zach Brown <zab@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: <stable@vger.kernel.org>         [2.6.37+]
2012-08-06 18:19:24 +02:00
..
9p
kill v9fs_dentry_from_dir_inode()
2012-05-29 23:28:34 -04:00
adfs
switch open-coded instances of d_make_root() to new helper
2012-03-20 21:29:35 -04:00
affs
affs: bury unused macros
2012-05-29 23:28:34 -04:00
afs
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
autofs4
avoid iput() from flusher thread
2012-05-28 09:54:45 -07:00
befs
switch open-coded instances of d_make_root() to new helper
2012-03-20 21:29:35 -04:00
bfs
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
btrfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs
2012-07-05 13:06:25 -07:00
cachefiles
switch touch_atime to struct path
2012-03-20 21:29:41 -04:00
ceph
ceph: check PG_Private flag before accessing page->private
2012-06-20 07:43:48 -05:00
cifs
cifs: when server doesn't set CAP_LARGE_READ_X, cap default rsize at MaxBufferSize
2012-07-03 12:54:42 -05:00
coda
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
configfs
make configfs_pin_fs() return root dentry on success
2012-03-20 21:29:48 -04:00
cramfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2012-03-21 13:36:41 -07:00
debugfs
debugfs: Add support to print u32 array in debugfs
2012-04-17 00:18:36 -04:00
devpts
userns: Convert devpts to use kuid/kgid where appropriate
2012-05-15 14:59:26 -07:00
dlm
dlm: NULL dereference on failure in kmem_cache_create()
2012-05-15 10:39:28 -05:00
ecryptfs
eCryptfs: Gracefully refuse miscdev file ops on inherited/passed files
2012-07-06 15:51:12 -05:00
efs
switch open-coded instances of d_make_root() to new helper
2012-03-20 21:29:35 -04:00
exofs
exofs: fix sparse non-ANSI function warning
2012-06-12 06:33:22 +03:00
exportfs
->encode_fh() API change
2012-05-29 23:28:33 -04:00
ext2
avoid iput() from flusher thread
2012-05-28 09:54:45 -07:00
ext3
avoid iput() from flusher thread
2012-05-28 09:54:45 -07:00
ext4
ext4: don't set i_flags in EXT4_IOC_SETFLAGS
2012-06-07 19:04:19 -04:00
fat
fat: fix non-atomic NFS i_pos read
2012-07-11 16:04:47 -07:00
freevxfs
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
fscache
fuse
fuse: verify all ioctl retry iov elements
2012-08-06 18:19:24 +02:00
gfs2
->encode_fh() API change
2012-05-29 23:28:33 -04:00
hfs
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
hfsplus
hfsplus: fix bless ioctl when used with hardlinks
2012-06-17 14:39:59 -07:00
hostfs
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
hpfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2012-06-01 10:34:35 -07:00
hppfs
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
hugetlbfs
avoid iput() from flusher thread
2012-05-28 09:54:45 -07:00
isofs
->encode_fh() API change
2012-05-29 23:28:33 -04:00
jbd
jbd: Write journal superblock with WRITE_FUA after checkpointing
2012-05-15 23:34:37 +02:00
jbd2
jbd2: use kmem_cache_zalloc wrapper instead of flag
2012-06-01 00:10:32 -04:00
jffs2
- More robust parsing especially of xattr data in JFFS2
2012-06-01 16:55:42 -07:00
jfs
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
lockd
Merge branch 'for-3.5' of git://linux-nfs.org/~bfields/linux
2012-06-01 08:32:58 -07:00
logfs
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
minix
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
ncpfs
fs: introduce inode operation ->update_time
2012-06-01 12:07:25 -04:00
nfs
NFSv4: Fix an NFSv4 mount regression
2012-07-10 13:25:39 -04:00
nfs_common
nfsd
nfsd4: BUG_ON(!is_spin_locked()) no good on UP kernels
2012-06-14 13:54:08 -04:00
nilfs2
nilfs2: ensure proper cache clearing for gc-inodes
2012-06-20 14:39:35 -07:00
nls
nls: fix (and rename) mac NLS table files and config options
2012-06-01 19:51:22 -07:00
notify
fsnotify: remove unused parameter from send_to_group()
2012-05-30 21:04:53 -04:00
ntfs
fs: introduce inode operation ->update_time
2012-06-01 12:07:25 -04:00
ocfs2
ocfs2: fix NULL pointer dereference in __ocfs2_change_file_space()
2012-07-11 16:04:43 -07:00
omfs
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
openpromfs
switch open-coded instances of d_make_root() to new helper
2012-03-20 21:29:35 -04:00
proc
vfs: Fix /proc/<tid>/fdinfo/<fd> file handling
2012-06-04 11:00:45 -07:00
pstore
staging tree fixes for 3.5-rc4
2012-06-20 15:15:03 -07:00
qnx4
qnx4: new helper - try_extent()
2012-03-20 21:29:52 -04:00
qnx6
fs: initial qnx6fs addition
2012-03-20 21:29:38 -04:00
quota
quota: Get rid of nested I_MUTEX_QUOTA locking subclass
2012-05-15 23:34:39 +02:00
ramfs
fs: ramfs: file-nommu: add SetPageUptodate()
2012-07-11 16:04:47 -07:00
reiserfs
reiserfs: get rid of resierfs_sync_super
2012-06-01 10:37:36 -04:00
romfs
MTD merge for 3.4
2012-03-30 17:31:56 -07:00
squashfs
Add an extra mount time sanity check, plus some code cleanups and bug fixes.
2012-03-28 18:05:54 -07:00
sysfs
avoid iput() from flusher thread
2012-05-28 09:54:45 -07:00
sysv
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
ubifs
UBIFS: correct usage of IS_ENABLED()
2012-06-27 14:22:15 +03:00
udf
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2012-06-28 11:43:45 -07:00
ufs
avoid iput() from flusher thread
2012-05-28 09:54:45 -07:00
xfs
xfs: rename log structure to xlog
2012-06-21 14:21:11 -05:00
aio.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2012-06-01 10:34:35 -07:00
anon_inodes.c
anon_inodes: move allocation of anon_inode into ->mount()
2012-03-20 21:29:45 -04:00
attr.c
vfs: increment iversion when a file is truncated
2012-05-30 21:04:53 -04:00
bad_inode.c
mm/fs: remove truncate_range
2012-05-29 16:22:23 -07:00
binfmt_aout.c
VM: add "vm_mmap()" helper function
2012-04-20 17:29:13 -07:00
binfmt_elf_fdpic.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2012-05-23 17:42:39 -07:00
binfmt_elf.c
binfmt_elf: switch elf_map() to vm_mmap/vm_munmap
2012-05-30 21:04:55 -04:00
binfmt_em86.c
__register_binfmt() made void
2012-03-20 21:29:46 -04:00
binfmt_flat.c
binfmt_flat: use vm_munmap, we are missing ->mmap_sem there
2012-05-30 21:04:56 -04:00
binfmt_misc.c
vfs: Rename end_writeback() to clear_inode()
2012-05-06 13:43:41 +08:00
binfmt_script.c
__register_binfmt() made void
2012-03-20 21:29:46 -04:00
binfmt_som.c
VM: add "vm_mmap()" helper function
2012-04-20 17:29:13 -07:00
bio-integrity.c
fs: remove the second argument of k[un]map_atomic()
2012-03-20 21:48:21 +08:00
bio.c
Merge branch 'for-3.5/core' of git://git.kernel.dk/linux-block
2012-05-30 08:52:42 -07:00
block_dev.c
avoid iput() from flusher thread
2012-05-28 09:54:45 -07:00
buffer.c
block: fix infinite loop in __getblk_slow
2012-07-13 08:36:35 -07:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
The following text was taken from the original review request:
2012-03-24 10:24:31 -07:00
compat.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal
2012-06-01 11:53:44 -07:00
dcache.c
Revert "vfs: stop d_splice_alias creating directory aliases"
2012-06-08 10:34:03 -07:00
dcookies.c
fs: reduce the use of module.h wherever possible
2012-02-28 19:31:58 -05:00
direct-io.c
NFS: Ensure that setattr and getattr wait for O_DIRECT write completion
2012-05-31 11:41:36 -07:00
drop_caches.c
eventfd.c
eventfd: change int to __u64 in eventfd_signal()
2012-05-31 17:49:32 -07:00
eventpoll.c
HAVE_RESTORE_SIGMASK is defined on all architectures now
2012-06-01 12:58:46 -04:00
exec.c
mm: correctly synchronize rss-counters at exit/exec
2012-06-20 14:39:36 -07:00
fcntl.c
switch fcntl to fget_raw_light/fput_light
2012-05-29 23:28:30 -04:00
fhandle.c
fifo.c
file_table.c
brlocks/lglocks: API cleanups
2012-05-29 23:28:41 -04:00
file.c
Merge branch 'x86-x32-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2012-03-29 18:12:23 -07:00
filesystems.c
fs_struct.c
The following text was taken from the original review request:
2012-03-24 10:24:31 -07:00
fs-writeback.c
writeback: Fix lock imbalance in writeback_sb_inodes()
2012-06-09 08:32:15 +09:00
generic_acl.c
inode.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2012-06-01 10:34:35 -07:00
internal.h
vfs: split __dentry_open()
2012-06-01 12:12:00 -04:00
ioctl.c
fs: reduce the use of module.h wherever possible
2012-02-28 19:31:58 -05:00
ioprio.c
Merge branch 'for-3.5/core' of git://git.kernel.dk/linux-block
2012-05-30 08:52:42 -07:00
Kconfig
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2012-03-21 13:36:41 -07:00
Kconfig.binfmt
C6X: add support to build with BINFMT_ELF_FDPIC
2012-05-15 09:17:34 -04:00
libfs.c
vfs: make it possible to access the dentry hash/len as one 64-bit entry
2012-05-10 19:54:35 -07:00
locks.c
Remove easily user-triggerable BUG from generic_setlease
2012-07-13 10:50:23 -07:00
Makefile
fs: initial qnx6fs addition
2012-03-20 21:29:38 -04:00
mbcache.c
mount.h
mpage.c
fs: reduce the use of module.h wherever possible
2012-02-28 19:31:58 -05:00
namei.c
vfs: retry last component if opening stale dentry
2012-06-01 12:12:01 -04:00
namespace.c
vfs: umount_tree() might be called on subtree that had never made it
2012-05-30 21:04:55 -04:00
no-block.c
open.c
vfs: make O_PATH file descriptors usable for 'fchdir()'
2012-07-07 17:19:02 -07:00
pipe.c
fs: introduce inode operation ->update_time
2012-06-01 12:07:25 -04:00
pnode.c
brlocks/lglocks: API cleanups
2012-05-29 23:28:41 -04:00
pnode.h
posix_acl.c
fs: reduce the use of module.h wherever possible
2012-02-28 19:31:58 -05:00
proc_namespace.c
brlocks/lglocks: API cleanups
2012-05-29 23:28:41 -04:00
read_write.c
aio/vfs: cleanup of rw_copy_check_uvector() and compat_rw_copy_check_uvector()
2012-05-31 17:49:32 -07:00
read_write.h
readdir.c
switch readdir/getdents to fget_light/fput_light
2012-05-29 23:28:29 -04:00
select.c
HAVE_RESTORE_SIGMASK is defined on all architectures now
2012-06-01 12:58:46 -04:00
seq_file.c
The following text was taken from the original review request:
2012-03-24 10:24:31 -07:00
signalfd.c
switch signalfd4() to fget_light/fput_light
2012-05-29 23:28:30 -04:00
splice.c
splice: fix racy pipe->buffers uses
2012-06-13 21:16:42 +02:00
stack.c
fs: reduce the use of module.h wherever possible
2012-02-28 19:31:58 -05:00
stat.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2012-05-23 17:42:39 -07:00
statfs.c
switch statfs to fget_light/fput_light
2012-05-29 23:28:31 -04:00
super.c
The following text was taken from the original review request:
2012-03-24 10:24:31 -07:00
sync.c
switch do_fsync() to fget_light()
2012-05-29 23:28:29 -04:00
timerfd.c
utimes.c
switch utimes() to fget_light/fput_light
2012-05-29 23:28:32 -04:00
xattr_acl.c
fs: reduce the use of module.h wherever possible
2012-02-28 19:31:58 -05:00
xattr.c
switch xattr syscalls to fget_light/fput_light
2012-05-29 23:28:30 -04:00